wanboot.conf(4) File Formats wanboot.conf(4)NAMEwanboot.conf - repository for WANboot configuration data
SYNOPSIS
/etc/netboot/wanboot.conf
DESCRIPTION
The wanboot.conf file is set up by a system administrator for one or
more WANboot clients. The file contains information used to drive the
WANboot process. The CGI program that serves up the bootstrap (wanboot)
and the boot and root filesystems use information contained in the file
to determine file paths, encryption and signing policies, and other
characteristics of the operating environment.
A copy of wanboot.conf is incorporated in the boot filesystem that is
transmitted to the client. This is used by the bootstrap (wanboot) to
determine SSL authentication policy, and other security conditions.
You should use the bootconfchk(1M) utility to check the format and con‐
tent of a wanboot.conf file prior to deployment.
FILE FORMAT
Entries in wanboot.conf are written one per line; an entry cannot be
continued onto another line. Blank lines are ignored, as is anything
following a hash mark character (#), which allows you to insert com‐
ments.
Each non-blank, non-comment line must take the form:
parameter=value
where value is terminated by the end-of-line, a space, or the hash mark
character. The value can be quoted if it contains a space or a hash
mark, using single or double quotes.
The parameters currently supported and their meanings are as follows:
boot_file
Specifies the path of the bootstrap file relative to the directory
from which the web server serves files. This parameter must be
given if the bootstrap file (wanboot) is to be served via HTTP, and
must be specified with a leading slash (/).
root_server
Specifies the location of the CGI program that will serve up the
information about the root filesystem that will be transmitted to
the client. If present, the value must be a URL in one of the fol‐
lowing forms:
http://host:port/some_path/wanboot-cgi
https://host:port/some_path/wanboot-cgi
where http specifies insecure download of the root filesystem;
https specifies secure download of the root filesystem; host is the
name of the system which will serve the root filesystem; port is
the port through which the web server will serve the root filesys‐
tem image; some-path is the directory which contains the wanboot-
cgi CGI program which will serve information about the root
filesystem. For example:
http://webserver:8080/cgi-bin/wanboot-cgi
root_file
Specifies the path of the root filesystem image relative to the
directory from which the web server serves files. This parameter
must be given if the root filesystem is to be served by means of
HTTP, and must be specified with a leading /.
signature_type
Specifies the signing algorithm to be used when signing the boot‐
strap (that is, wanboot), the boot filesystem, and the root
filesystem (assuming the last is not being sent using secure HTTP),
prior to transmission to the client. If absent, or the value is
empty, no signing will be performed. If present, its value must be:
sha1.
If signature_type is set, the client system being booted must also
be setup with a client key for that algorithm.
encryption_type
Specifies the encryption algorithm to be used when encrypting the
boot filesystem prior to transmission to the client. If absent, or
the value is empty, no encryption of the boot filesystem will be
performed. If present, its value must be one of: 3des or aes.
If encryption_type is set to one of the above algorithms, then the
client system being booted must also be setup with a client key for
that algorithm and a non-empty encryption_type must also be speci‐
fied.
server_authentication
Specifies whether server authentication should be requested during
SSL connection setup. If absent, or the value is empty, server
authentication will not be requested. If present, its value must be
one of: yes or no.
client_authentication
Specifies whether client authentication should be requested during
SSL coonection setup. If absent, or the value is empty, client
authentication will not be requested. If present, its value must be
one of: yes or no.
If client_authentication is yes, then encryption and signing algo‐
rithms must also be specified, the URL scheme in root_server must
be https, and server_authentication must also be yes.
resolve_hosts
Used to specify any host names that might need to be resolved for
the client system. Host names appearing in URLs in wanboot.conf and
any discovered in certificates associated with the client will
automatically be resolved and do not need to be specified here. The
value should be a comma-separated list of host names.
A typical use of this parameter would be to name hosts used by the
installer that differ from any of those used by the bootstrap.
boot_logger
Specifies the URL of a system to which logging messages will be
sent. If absent, or the value is empty, then logging will be to the
system console only. If present it must specify a URL in one of the
following forms:
http://host:port/some_path/bootlog-cgi
https://host:port/some_path/bootlog-cgi
where the constituent parts are as defined for root_server, above.
Logging can be insecure or secure.
system_conf
Specifies the name of a file in the /etc/netboot hierarchy that
will be incorporated in the boot filesystem named system.conf and
which is intended for use by the system startup scripts only.
EXAMPLES
Example 1: Sample File
The following is a sample wanboot.conf file:
####################################################################
#
# Copyright 2003 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#ident "@(#)wanboot.conf 1.12 03/01/30 SMI"
#
####################################################################
# wanboot.conf(4): boot configuration file.
#
# Please consult wanboot.conf(4) for further information. Note that
# this interface is "Evolving" as defined by attributes(5).
#
# Anything after a '#' is comment. Values may be quoted (e.g. "val").
#
# <empty> means there is no value, i.e. null. The absence of any
# parameter implies that it takes a default value (<empty> unless
# otherwise specified).
#
# <url> is of the form http://... or https://...
####################################################################
# The path of the bootstrap file (within htdocs) which is served up
# by wanboot-cgi(bootfile).
#
boot_file=/bootfiles/wanboot # <absolute pathname>
# These are used by wanboot-cgi(bootfile|bootfs|rootfs) to determine
# whether boot_file or the bootfs is to be sent encrypted/signed, or
# root_file is to be sent signed; the client must be setup with the
# corresponding encryption/signature key(s) (which cannot be auto-
# matically verified).
#
# If an encryption_type is specified then a signature_type must also
# be specified.
#
encryption_type=3des # 3des | aes | <empty>
signature_type=sha1 # sha1 | <empty>
# This is used by wanboot-cgi(bootfs) and WANboot to determine whether
# server authentication should be requested during SSL connection
# setup.
#
server_authentication=yes # yes | no
# This is used by wanboot-cgi(bootfs) and wanboot to determine whether
# client authentication should be requested during SSL connection
# setup. If client_authentication is "yes", then server_authentication
# must also be "yes".
#
client_authentication=yes # yes | no
# wanboot-cgi(bootfs) will construct a hosts file which resolves any
# hostnames specified in any of the URLs in the wanboot.conf file,
# plus those found in certificates, etc. The following parameter
# may be used to add additional mappings to the hosts file.
#
resolve_hosts= # <hostname>[,<hostname>*] | <empty>
# This is used to specify the URL of wanboot-cgi on the server on which
# the root_file exists, and used by wanboot to obtain the root server's
# URL; wanboot substitutes root_file for the pathname part of the URL.
# If the schema is http://... then the root_file will be signed if there
# is a non-empty signature_type. If server_authentication is "yes", the
# schema must be https://...; otherwise it must be http://...
#
root_server=https://www.example.com:1234/cgi-bin/wanboot-cgi # <url> | <empty>
# This is used by wanboot-cgi(rootfs) to locate the path of the
# rootfs image (within htdocs) on the root_server.
#
root_file=/rootimages/miniroot # <absolute pathname> | <empty>
# This is used by wanboot to determine the URL of the boot_logger
# (and whether logging traffic should be sent using http or https),
# or whether it should simply be sent to the console.
#
boot_logger=http://www.example.com:1234/cgi-bin/bootlog-cgi # <url> | <empty>
# This is used by the system startup scripts.
#
system_conf=system.conf
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability │Evolving │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSObootconfchk(1M), attributes(5)SunOS 5.10 15 Nov 2003 wanboot.conf(4)
